Commit Graph

755 Commits

Author SHA1 Message Date
Peter Steinberger
2830b3ef38 fix(browser): diagnose empty WSL2 Chrome replies (#100590)
* fix(browser): diagnose Windows CDP listener mismatch

Base the repair on #93481 while matching Chromium's IPv4-first, IPv6-fallback listener contract and keeping CDP exposure loopback-scoped.

Co-authored-by: ZengWen-DT <ceng.wen@xydigit.com>

* style(docs): format browser troubleshooting table

* docs: refresh browser troubleshooting map

* fix(browser): diagnose reset CDP replies

* docs: refresh browser troubleshooting map

---------

Co-authored-by: ZengWen-DT <ceng.wen@xydigit.com>
2026-07-06 07:42:02 +01:00
sunlit-deng
ae53570ea8 fix(browser): notify agent when click triggers download (#93307)
* fix(browser): drain download saves and use monotonic cursor for act response

- Add drainPendingDownloadSaves() to wait for in-flight saveAs before sampling
- Use monotonic downloadSeq cursor instead of bounded-list length
- Propagate downloads info in POST /act response for click/batch/evaluate

Fixes #93250

* fix(lint): add braces around single-line if returns

Fixes eslint(curly) failures in drainPendingDownloadSaves and
pickNewDownloads. PR #93307 required CI gate.

Ref: ClawSweeper P1 review finding

* fix(browser): scope act download metadata to action

* fix(browser): broadcast downloads to all active captures to prevent misattribution

When concurrent /act calls overlap on the same page, using
state.actionDownloadCaptures.at(-1) assigned downloads to the wrong
action's capture. Push managed save promises to all active captures
so the triggering action always receives its download metadata.

Also adds regression tests: broadcast-to-all-captures, sequential
capture isolation, and strengthen the dispose test to assert no
re-capture after disposal.

* fix(browser): prevent unhandled rejection when download capture action throws before drain

Move managedSave.catch() before the captures-branch check so the
rejection handler always runs, preventing an unhandled promise
rejection when the action throws before drain() is called. Simplify
the handler by removing the now-dead return + catch at the bottom.

* fix(browser): type downloads in BrowserActResponse, fix lint unused var

- Add optional downloads field to BrowserActResponse type contract so
  typed callers of browserAct() can consume the new payload without casts.
- Remove unused afterDispose variable in pw-session tests (lint fix).

* fix(test): correct post-dispose download assertion

capture.promises is not cleared by dispose(), so re-draining a disposed
capture still returns pre-dispose results. This is benign — callers
should drain before disposing. Update the test to assert the actual
behavior (still shows old results, new download not captured).

* test(browser): cover /act download metadata response

* refactor(browser): report action-owned downloads safely

* fix(browser): close action download ownership races

* test(browser): type action download capture mock

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 04:07:16 +01:00
xingzhou
7a49b160a4 fix(browser): downloads complete over CDP connections (#89416)
* fix(browser): surface navigate downloads in CDP mode

* Validate navigation downloads before saving

* fix(browser): observe navigation download capture timeouts

* refactor(browser): unify managed download capture

* test(browser): satisfy download fixture lint

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 02:26:20 +01:00
Andy Ye
d9289a19e1 fix(browser): persist managed Chrome cookies across restarts (#98284)
* fix(browser): preserve managed Chrome cookies

* fix(browser): guard graceful close process ownership

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 01:32:13 +01:00
Hemant Sudarshan
bacd1c512a fix(browser): time out remote tab enumeration (#80147)
* fix(browser): time out remote tab enumeration

* chore: remove stale changelog entry

* fix(browser): isolate timed-out read cleanup

* fix(browser): isolate timed-out read cleanup

* test(browser): satisfy connection regression lint

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 00:56:05 +01:00
Wynne668
d405cda95a fix(browser): resolve act targetId aliases before mismatch check (#96178)
* fix(browser): resolve act targetId aliases before mismatch check

The /act top-level and batch targetId guards compared the caller-supplied
targetId against the resolved canonical tab.targetId with raw string
equality. Any supported alias form (tabId, label, suggestedTargetId, or a
unique id prefix) resolves to a different canonical id, so act requests that
followed the documented 'prefer suggestedTargetId/tabId/label' guidance were
rejected with 403 ACT_TARGET_ID_MISMATCH even though they named the correct
tab. snapshot/open/close/tabs lack this guard and kept working, matching the
reported symptom matrix.

Resolve the action targetId through the same tab alias resolution the route
used and reject only ids that resolve to a different tab.

* fix(browser): canonicalize act targetId aliases before Playwright dispatch

The /act gate accepted tabId/label/suggested/prefix aliases of the request
tab but left them on action.targetId. The managed executor reads
action.targetId ?? targetId for an exact page lookup (executeSingleAction ->
getPageForTargetId), so an alias missed the lookup and broke the action at
runtime whenever more than one page was open (single-page masked it via the
pages.length===1 fallback). Canonicalize the action targetId (top-level and
nested batch sub-actions) to the resolved tab id before dispatch; reject ids
that resolve to a different tab. Replace the mock-masked contract assertions
with executor-action assertions plus direct canonicalizer unit tests.

* test(browser): brace act-targetId guard clauses for curly lint

* docs(changelog): note browser target alias fix

* docs(changelog): note browser target alias fix

* fix(browser): reject ambiguous batch target aliases

* test(browser): type targetless act fixture

* docs(changelog): move browser alias fix to unreleased

* chore: drop nonessential browser changelog entry

---------

Co-authored-by: Peter Steinberger <peter@steipete.me>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-05 21:12:13 +01:00
Peter Steinberger
c757675f34 improve: keep isolated tests under one second (#100019)
* test: speed up isolated test suite

* test: finish isolated latency cleanup

* test: eliminate remaining isolated latency spikes

* test: remove final isolated timing outliers

* test: bound full-suite tooling processes

* test: bound native test process lifetime

* test: warm isolated runtime suites

* test: eliminate final isolated timing outliers

* test: fix isolated timing fixture types

* test: make timeout cleanup timing deterministic

* test: pin media manifests to source checkout

* test: isolate provider manifest contracts

* test: eliminate residual isolated timing spikes

* test: restore final isolated timing fixes

* test: eliminate remaining isolated timing spikes

* test: warm Zalo lifecycle imports

* test: keep isolated suites below one second

* test: use readable browser response fixtures
2026-07-05 10:57:19 -07:00
Peter Steinberger
deac98eb72 fix: harden small runtime and installer edge cases (#100258)
* fix(media): preserve dollar sequences in transcript echoes

Co-authored-by: uditDewan <udit.dewan21@gmail.com>

* fix(mcp): catch rejected gateway event handlers

Co-authored-by: 陈宪彪0668000387 <chen.xianbiao@xydigit.com>

* fix(auto-reply): support punctuated silent token prefixes

Co-authored-by: simon-w <weng.qimeng@xydigit.com>

* fix(discord): keep voice log previews UTF-16 safe

Co-authored-by: sunlit-deng <yang.jiajun1@xydigit.com>

* fix(clawrouter): bound usage response reads

Co-authored-by: 杨浩宇0668001029 <yang.haoyu@xydigit.com>

* fix(browser): bound CDP JSON response reads

Co-authored-by: hailory <hailory@xydigit.com>

* fix(status): include current time in session status

Co-authored-by: connermo <conner.mo@gmail.com>

* fix(installer): require Arch detection before pacman

Co-authored-by: Iliya Abolghasemi <gfaerny@gmail.com>

* fix(apps): default TLS gateway deep links to port 443

Co-authored-by: ben.li <li.yang6@xydigit.com>

* fix(infra): keep Undici terminated exceptions nonfatal

Co-authored-by: harjoth <harjoth.khara@gmail.com>

* fix(auto-reply): avoid Unicode-unsafe token spread

---------

Co-authored-by: uditDewan <udit.dewan21@gmail.com>
Co-authored-by: 陈宪彪0668000387 <chen.xianbiao@xydigit.com>
Co-authored-by: simon-w <weng.qimeng@xydigit.com>
Co-authored-by: sunlit-deng <yang.jiajun1@xydigit.com>
Co-authored-by: 杨浩宇0668001029 <yang.haoyu@xydigit.com>
Co-authored-by: hailory <hailory@xydigit.com>
Co-authored-by: connermo <conner.mo@gmail.com>
Co-authored-by: Iliya Abolghasemi <gfaerny@gmail.com>
Co-authored-by: ben.li <li.yang6@xydigit.com>
Co-authored-by: harjoth <harjoth.khara@gmail.com>
2026-07-05 05:33:11 -07:00
Peter Steinberger
913311845e fix(browser): accept no-preference in openclaw browser set media
The /set/media control route accepts dark|light|no-preference|none, but the
CLI rejected no-preference, so prefers-color-scheme: no-preference could not
be emulated from the CLI. Align the CLI argument, validation, and error text
with the route contract and update the browser-control docs media line.
2026-07-05 06:54:13 +01:00
Peter Steinberger
d460635185 fix(browser): point Playwright 501 error at existing docs anchor 2026-07-05 01:44:19 +01:00
Dallin Romney
194dd6fe50 refactor(security): consolidate secret primitives (#99746)
* refactor(security): consolidate secret primitives

* fix(plugin-sdk): align secret display metadata

* chore(plugin-sdk): refresh API baseline after rebase

* refactor(security): trim secret primitive consolidation
2026-07-04 16:38:13 -07:00
Peter Steinberger
614e87cce1 chore: update dependencies (#100027) 2026-07-04 14:56:50 -04:00
Dallin Romney
c7aca4f029 refactor: consolidate async timing helpers (#99721) 2026-07-03 17:58:15 -07:00
Dallin Romney
8c5f45fc36 refactor(shared): consolidate provider and utility lazy loaders (#98749)
* refactor(shared): consolidate provider lazy loaders

* refactor(shared): leave enforcement to follow-up
2026-07-02 21:16:26 -07:00
Vincent Koc
c0511692d8 test(plugins): repair prerelease validation fixtures 2026-07-01 18:02:09 -07:00
zhangLei99586
273729bd95 fix(browser): guard setDeep against empty keys array (#98138)
When keys is empty, keys[keys.length - 1] returns undefined, and the
previous ??  fallback would silently create a property with an empty
string key on the target object. Add an early return so empty keys are
a no-op instead of silently polluting the object.
2026-07-01 17:29:56 -07:00
VectorPeak
1cf6ff3bdc fix(browser): decode CDP URL credentials 2026-07-01 04:14:20 -07:00
wings1029
cc0980cb7a fix(browser): bound error body read in fetchHttpJson to prevent OOM (#98455)
* fix(browser): bound error body read in fetchHttpJson to prevent OOM

* fix(browser): enforce strict error response limit

---------

Co-authored-by: Peter Steinberger <58493+steipete@users.noreply.github.com>
2026-07-01 03:05:58 -07:00
Vincent Koc
66e676d29b chore(release): close out 2026.6.11 on main 2026-06-30 11:31:08 -07:00
Vincent Koc
c16bb8725a fix(channels): keep text previews UTF-16 safe 2026-06-30 11:04:32 -07:00
Agustin Rivera
2cf765f732 fix(browser): block node routes when sandbox host control is disabled (#97958) 2026-06-29 17:10:12 -07:00
Jiaming Guo
456c48f368 fix(gateway): require admin scope for browser proxy invoke (#85916)
* fix(gateway): require admin scope for browser proxy invoke

* fix(gateway): document trusted node scopes

* fix(gateway): align browser scope test

* fix(gateway): satisfy node test lint

---------

Co-authored-by: Agustin Rivera <agustin@rivera-web.com>
2026-06-29 16:23:02 -07:00
Vincent Koc
0671c08900 chore(release): close out 2026.6.10 on main (#96271)
* chore(release): close out 2026.6.10 on main

* chore(release): align native app metadata for 2026.6.10

* chore(release): sync Android 2026.6.10 notes

* docs(changelog): preserve 2026.6.9 history

* docs(changelog): preserve 2026.6.9 history
2026-06-24 11:51:14 +08:00
Vincent Koc
28a90b0e82 perf(browser): index role snapshot references 2026-06-24 09:23:19 +08:00
Vincent Koc
06a0148072 chore(deadcode): remove inert browser relay hook 2026-06-22 02:50:55 +08:00
Vincent Koc
c372f6ef0b fix(plugins): keep extension tests on public boundaries 2026-06-21 15:39:51 +08:00
Vincent Koc
8797564254 chore(deadcode): share deferred test helper 2026-06-21 13:53:24 +08:00
Vincent Koc
b039e949b6 chore(release): close out 2026.6.9 2026-06-21 12:24:15 +08:00
Vincent Koc
cbff4fa5bc refactor(extensions): drop unused internal type aliases 2026-06-20 02:22:31 +08:00
Vincent Koc
32c02e843a refactor(browser): drop unused cdp helpers 2026-06-19 16:36:49 +08:00
Stellar鱼
8888bca752 test(browser): cover action-input CLI request bodies (#92574)
Summary:
- The branch adds Vitest coverage for browser action-input CLI request bodies across element, navigation/resize, fill/evaluate, and upload paths, plus blank-ref validation.
- PR surface: Tests +278. Total +278 across 4 files.
- Reproducibility: yes. for a source-level coverage gap: current main exposes the browser action-input command ... isting tests still lack broad success-path request-body assertions. This is not a runtime bug reproduction.

Automerge notes:
- PR branch already contained follow-up commit before automerge: test(browser): cover click-coords action body

Validation:
- ClawSweeper review passed for head c070a8d51b.
- Required merge gates passed before the squash merge.

Prepared head SHA: c070a8d51b
Review: https://github.com/openclaw/openclaw/pull/92574#issuecomment-4697124920

Co-authored-by: Stellar鱼 <2182712990@qq.com>
Co-authored-by: yu-xin-c <2182712990@qq.com>
2026-06-19 04:17:29 +00:00
Vincent Koc
3d6840bc59 refactor(browser): remove unused localhost proxy wrapper 2026-06-19 01:13:45 +08:00
Vincent Koc
9546b19a59 refactor(browser): remove unused CDP DOM helpers 2026-06-19 00:44:26 +08:00
Vincent Koc
1eaace70e3 refactor(extensions): remove unused helper exports 2026-06-19 00:33:04 +08:00
Vincent Koc
beea31a6b5 feat(firecrawl): add keyless scrape support (#94551)
Merged under maintainer approval while exact-head CI was queue-bound.

Co-authored-by: Developers Digest <124798203+developersdigest@users.noreply.github.com>
Co-authored-by: Vincent Koc <vincentkoc@users.noreply.github.com>
2026-06-19 00:23:41 +08:00
huangjianxiong
4ec9d4a2b5 fix(infra): probe 127.0.0.1 in ensurePortAvailable to detect IPv4-only occupants (#94394)
Merged via squash.

Prepared head SHA: 65bbefde8c
Co-authored-by: Pandah97 <80405497+Pandah97@users.noreply.github.com>
Co-authored-by: steipete <steipete+steipete@users.noreply.github.com>
Reviewed-by: @steipete
2026-06-18 15:29:58 +02:00
Vincent Koc
e3bd804a17 refactor(browser): remove dead CLI test mocks 2026-06-18 16:15:04 +08:00
Vincent Koc
48c63fcb27 refactor(browser): remove unused chrome mcp wrappers 2026-06-18 14:50:24 +08:00
Vincent Koc
46b6aa9044 refactor(browser): hide cdp reachability defaults 2026-06-17 10:51:41 +08:00
liuhao1024
4cd83d26be fix(browser): use openTab return value to prevent wsUrl race in ensureTabAvailable (fixes #63343) (#93797)
* fix(browser): use openTab return value to prevent wsUrl race in ensureTabAvailable

When ensureTabAvailable opens a new tab on empty list, the return value
from openTab was discarded. A subsequent listTabs() call may return tabs
without webSocketDebuggerUrl populated yet, causing the wsUrl filter to
eliminate the newly opened tab and throw BrowserTabNotFoundError.

Fix: capture openTab's return value and merge it into candidates if the
wsUrl filter excluded it. openTab's internal discovery loop already
resolves wsUrl, so the returned tab is always valid.

* fix(browser): harden tab selection discovery

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-06-17 09:38:47 +08:00
Vincent Koc
6774e7f259 chore(release): sync main to 2026.6.8 2026-06-17 07:25:30 +08:00
Shakker
920e6a8eec chore: set version 2026.6.9 2026-06-16 19:54:07 +01:00
Vincent Koc
75cdf22152 fix(browser): accept top-level act fields with nested requests (#93674)
* fix(browser): accept top-level act fields with nested requests

Co-authored-by: Capivariano <11271294+angelusbr@users.noreply.github.com>

* fix(clownfish): address review for gitcrawl-416-autonomous-terminal-gap (1)

Co-authored-by: Capivariano <11271294+angelusbr@users.noreply.github.com>

---------

Co-authored-by: openclaw-clownfish[bot] <280122609+openclaw-clownfish[bot]@users.noreply.github.com>
Co-authored-by: Capivariano <11271294+angelusbr@users.noreply.github.com>
2026-06-16 22:50:53 +08:00
Vincent Koc
e48222175f fix(browser): recover stale managed Chrome CDP listener (#93670)
* fix(browser): recover stale managed Chrome CDP listener

Co-authored-by: Rohit <76606932+rohitjavvadi@users.noreply.github.com>

* fix(clownfish): address review for gitcrawl-387-autonomous-terminal-gap (1)

Co-authored-by: Rohit <76606932+rohitjavvadi@users.noreply.github.com>

---------

Co-authored-by: openclaw-clownfish[bot] <280122609+openclaw-clownfish[bot]@users.noreply.github.com>
Co-authored-by: Rohit <76606932+rohitjavvadi@users.noreply.github.com>
2026-06-16 22:45:21 +08:00
clawsweeper[bot]
24e729fc4e feat(browser): extend --labels overlay to full-page and element captures (#92834)
Summary:
- The replacement PR extends Browser plugin labeled screenshots to honor Playwright full-page/ref/element scope, returns annotation bounding boxes, and updates docs, tests, and skill guidance.
- PR surface: Source +415, Tests +550, Docs +24. Total +989 across 12 files.
- Reproducibility: yes. Current main source shows the labeled Playwright helper ignores fullPage/ref/element and omits annotations, and the source PR supplies live before/after commands for the Browser plugin path.

Automerge notes:
- PR branch already contained follow-up commit before automerge: docs(browser): correct raw-CDP labels caveat in automation skill
- PR branch already contained follow-up commit before automerge: fix(browser): preserve labelsSkipped semantics for off-viewport refs
- PR branch already contained follow-up commit before automerge: docs(browser): scope labels docs by driver
- PR branch already contained follow-up commit before automerge: docs(browser): fix labels annotation indent and document scope fix
- PR branch already contained follow-up commit before automerge: docs(browser): indent annotations box schema under --labels bullet
- PR branch already contained follow-up commit before automerge: docs(browser): indent labels annotation schema

Validation:
- ClawSweeper review passed for head 70aca6c506.
- Required merge gates passed before the squash merge.

Prepared head SHA: 70aca6c506
Review: https://github.com/openclaw/openclaw/pull/92834#issuecomment-4700431344

Co-authored-by: FMLS <kfliuyang@gmail.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Mason Huang <masonxhuang@tencent.com>
Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com>
Co-authored-by: clawsweeper[bot] <274271284+clawsweeper[bot]@users.noreply.github.com>
Approved-by: hxy91819
Co-authored-by: hxy91819 <8814856+hxy91819@users.noreply.github.com>
2026-06-14 02:21:23 +00:00
Song Zhenlin
2e8a2d617d fix(browser): remove dead requireRef navigation import
Remove the unused requireRef import and void anchor from Browser navigation command registration while keeping navigate/resize registration covered by regression tests. Fixes #83878.
2026-06-13 21:39:51 +08:00
Josh Avant
f385491c23 fix: clarify gateway SecretRef auth diagnostics (#92290)
* fix gateway secretref health diagnostics

* fix gateway health result type narrowing
2026-06-12 11:18:22 -05:00
Hemant Sudarshan
2e4bf410a2 fix(browser): honor cdp url for default session profile (#80143) 2026-06-10 12:36:11 -04:00
Agustin Rivera
ade5ac0350 fix(browser): validate discovered CDP websocket URLs (#91747)
* fix(browser): validate discovered cdp websocket urls

* fix(browser): validate cdp tab creation websockets

* fix(browser): guard termination cdp websocket

* fix(browser): use .toString() instead of String() to satisfy oxlint no-base-to-string

* fix(browser): avoid cdp termination assertion stringification

* fix(browser): preserve cdp ssrf policy
2026-06-10 07:59:29 -07:00
lifuyue
ac21e89c13 Support existing-session browser CDP endpoints (#91736)
* Support existing-session browser CDP endpoints

* Fix browser existing-session test fixture type

---------

Co-authored-by: OpenAI Codex <codex@openai.com>
2026-06-10 10:44:35 -04:00